You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by nv...@apache.org on 2022/04/06 03:16:51 UTC

[cloudstack] branch 4.16 updated: VR: Do not add iptables rules for the revoked ip addresses (#6189)

This is an automated email from the ASF dual-hosted git repository.

nvazquez pushed a commit to branch 4.16
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.16 by this push:
     new c61ea9f96d VR: Do not add iptables rules for the revoked ip addresses (#6189)
c61ea9f96d is described below

commit c61ea9f96d23ca885138ad5ccea09af62489b373
Author: Wei Zhou <we...@apache.org>
AuthorDate: Wed Apr 6 05:16:47 2022 +0200

    VR: Do not add iptables rules for the revoked ip addresses (#6189)
---
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index 0bc5d44ac5..afc1107a61 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -498,7 +498,7 @@ class CsIP:
                     if not inf.startswith("eth"):
                         continue
                     for address in addresses:
-                        if "nw_type" in address and address["nw_type"] == "guest":
+                        if "nw_type" in address and address["nw_type"] == "guest" and address["add"]:
                             self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
                                             (address["network"], self.address["network"], self.dev)])
                             self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %